Hello again. As the title suggests, this may be hopeless, but I'd like to see if there is a chance that this machine can be salvaged.
First, a brief history of the computer in question. I was given the computer by an IT department; they were upgrading, so the price was right. Since I first started it up there has been no account password on either of the user accounts I see; they will load automatically when one is chosen. I try to sign in to set basic account security and get told I don't have the proper password...
No one that I've contacted has been able to come up with login info, still working on that. Also worth noting that when I downloaded and tried to run FRST, I was told on both user accounts that I didn't have permission. I was finally able to download and run it from the Bleeping Computer site today although the update failed.
The first thing that made me suspicious of the computer (besides the lack of login credentials) was that while messing around with the ProcMon64 tool I noticed "Name collisions" and then a series of "buffer overflows" that, in spite of my lack of skill, jumped out at me. After finally getting the FRST results, I'm wondering if, well, see thread title.
My hope is that at some point I can get control of the user accounts; short of that, I'll likely throw the hard drive in the trash and plug in a different one. Thanks very much in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
Ran by Home-Pc (administrator) on DESKTOP-8AQ2J5E (Dell Inc. OptiPlex 790) (01-05-2022 18:11:47)
Running from C:\Users\Home-Pc\Desktop
Loaded Profiles: Home-Pc
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1682 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\.Battle.net.exe.432.7740.temp <3>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7661\Agent.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieCtrl.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_61da2dd1459ab6aa\RstMwService.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe
(services.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Utilities\x64\LBGovernor.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3392528 2021-11-01] (Tonalio GmbH -> sandboxie-plus.com)
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {012D26CF-2A06-46B3-8BF8-7A7EAA84BB46} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {0FE33493-0C13-41BA-8EC3-92E5CFC9656A} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities\NUP.exe [3632112 2022-02-03] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {10D091C1-065B-4CDD-BDAD-38939FDF37FA} - System32\Tasks\GoogleUpdateTaskMachineUA{73DEBFF9-E818-4D7F-957E-197C11ED0D05} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {28B45BB2-5879-43F4-AAE8-3056FB922BD1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {3936847A-B7F8-45BF-BA97-8FAE27DEEC2C} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {3F76B022-96FF-4052-AA80-652748168243} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities\ActiveBridge.exe -appexecutable NUP.exe -ammode (No File)
Task: {61BE0A07-17F1-4DCE-B80E-13A89EC08615} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {6618C710-DC33-436F-86A2-2983395514E1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {6E00F8AF-E3A8-425E-8648-D899028D0E21} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8DC83BD6-52C3-485F-B048-C810B628AB69} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities\x64\LBGovernor.exe [1050096 2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
Task: {CC2EF7FB-3A4B-4955-9B0A-577F4B3B4D56} - System32\Tasks\GoogleUpdateTaskMachineCore{4DBD1454-0D91-4B18-B7AA-629538FA5AA6} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {F697D847-1477-468A-AA32-7B45615973C1} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.3.9\WSCStub.exe [646520 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {FF8C1F4C-E262-43A0-B91D-5D1EA7809799} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{a7f57898-8771-4266-ba31-8849f416c369}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-01]
Edge NewTab: Default -> Active:"chrome-extension://okplngpklcjmpdemleibnhidjihcobef/homePageRedirect.html"
Edge DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms}
Edge DefaultSearchKeyword: Default -> nortonsafe
Edge DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}
Edge Extension: (Norton Safe Web) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-04-20]
Edge Extension: (Norton Safe Search) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikkagnliefbhcdgnnhfidhhbocdhkdeb [2022-04-20]
Edge Extension: (Norton Password Manager) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2022-04-20]
Edge Extension: (Norton Home Page) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okplngpklcjmpdemleibnhidjihcobef [2022-04-20]
FireFox:
========
FF DefaultProfile: 9pveu3z0.default
FF ProfilePath: C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\9pveu3z0.default [2021-12-05]
FF ProfilePath: C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release [2022-05-01]
FF Extension: (Facebook Container) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\@contain-facebook.xpi [2022-03-17]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\@testpilot-containers.xpi [2022-04-22]
FF Extension: (HTTPS Everywhere) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\https-everywhere@eff.org.xpi [2021-12-05]
FF Extension: (Norton Password Manager) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\idsafe@norton.com.xpi [2022-04-18]
FF Extension: (VT4Browsers) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\info@virustotal.com.xpi [2022-04-05]
FF Extension: (Norton Safe Web) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2022-03-11]
FF Extension: (Firefox Relay) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\private-relay@firefox.com.xpi [2022-04-27]
FF Extension: (Privacy Possum) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2021-12-05]
FF Extension: (NoScript) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-18]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2022-01-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2022-01-22] <==== ATTENTION
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe [344888 2022-04-04] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe [1059176 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [360976 2021-11-01] (Tonalio GmbH -> sandboxie-plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.21.11.46\Definitions\BASHDefs\20220428.021\BHDrvx64.sys [1672184 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S4 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-04-27] (Microsoft Corporation) [File not signed]
S4 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\ccSetx64.sys [191200 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 GKUPRO2D; C:\Windows\System32\drivers\GKUPRO2D.sys [146320 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 GSCAuxDriver; C:\Windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_fe9355c6b52fb409\GSCAuxDriverx64.sys [71432 2021-09-21] (Intel(R) pGFX 2020 -> Intel Corporation)
S3 GSCx64; C:\Windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_e0a6bd87d5543f55\TeeDriverGSCW8x64.sys [243976 2021-09-21] (Intel(R) pGFX 2020 -> Intel Corporation)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2021-09-21] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2021-09-21] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2021-09-21] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2021-09-21] (Intel Corporation -> Intel Corporation)
S0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1489272 2021-09-21] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.21.11.46\Definitions\IPSDefs\20220429.061\IDSvia64.sys [1515512 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2021-09-21] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [84144 2020-09-10] (LSI Corporation -> LSI Corporation)
S0 megasas2; C:\Windows\System32\drivers\megasas2.sys [57520 2020-09-10] (LSI Corporation -> LSI Corporation)
S0 megasas35; C:\Windows\System32\drivers\megasas35.sys [112632 2020-09-10] (Avago Technologies U.S. Inc. -> Avago Technologies)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\nsvst.sys [56080 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [95632 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [229384 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> sandboxie-plus.com)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1616030.009\SRTSP64.SYS [941256 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1616030.009\SRTSPX64.SYS [50376 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1616030.009\SYMEFASI64.SYS [2030768 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1616030.009\SymELAM.sys [31984 2022-04-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93120 2022-02-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.21.11.46\SymPlatform\SymEvnt.sys [712432 2021-06-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1616030.009\Ironx64.SYS [319152 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1616030.009\symnets.sys [575344 2022-04-04] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-24] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\wpCtrlDrv.sys [1015760 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-05-01 18:11 - 2022-05-01 18:13 - 000018459 _____ C:\Users\Home-Pc\Desktop\FRST.txt
2022-05-01 18:06 - 2022-05-01 18:06 - 002366976 _____ (Farbar) C:\Users\Home-Pc\Desktop\FRST64.exe
2022-05-01 17:45 - 2022-05-01 17:45 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2022-05-01 16:14 - 2022-05-01 16:15 - 009786184 _____ C:\Users\Home-Pc\Desktop\5-1.pcapng
2022-05-01 14:11 - 2022-05-01 14:11 - 108750612 _____ C:\Users\Home\Documents\Home 5-1 install start-up.pcapng
2022-05-01 14:04 - 2022-05-01 14:04 - 000000000 ____D C:\Users\Home\Desktop\SysinternalsSuite
2022-05-01 14:01 - 2022-05-01 14:01 - 047840922 _____ C:\Users\Home\Desktop\SysinternalsSuite.zip
2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\Roaming\Mozilla
2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\LocalLow\Mozilla
2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\Local\Mozilla
2022-05-01 13:28 - 2022-05-01 14:11 - 000000000 ____D C:\Users\Home\AppData\Roaming\Wireshark
2022-05-01 13:27 - 2022-04-30 21:28 - 000455527 ____R C:\Windows\system32\Drivers\etc\hosts.20220501-132723.backup
2022-04-30 22:33 - 2022-04-30 22:33 - 000000000 ____D C:\Users\Home\AppData\Local\Norton
2022-04-30 22:26 - 2022-04-30 22:26 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2199619703-1585671556-87930541-1001
2022-04-30 22:26 - 2022-04-30 22:26 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199619703-1585671556-87930541-1001
2022-04-30 22:15 - 2022-04-30 22:15 - 000000000 ____D C:\Users\Home\AppData\Roaming\Norton
2022-04-30 22:05 - 2022-04-30 22:05 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-8AQ2J5E-Windows-10-Pro-(64-bit).dat
2022-04-30 22:05 - 2022-04-30 22:05 - 000000000 ____D C:\RegBackup
2022-04-30 22:04 - 2022-04-30 22:04 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2022-04-30 22:04 - 2022-04-30 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2022-04-30 22:04 - 2022-04-30 22:04 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2022-04-30 22:02 - 2022-04-30 22:04 - 000019843 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2022-04-30 21:52 - 2022-04-30 21:52 - 007333288 _____ (Tweaking.com) C:\Users\Home-Pc\Desktop\tweaking.com_registry_backup_setup.exe
2022-04-30 21:28 - 2022-01-22 23:56 - 000116156 _____ C:\Windows\system32\Drivers\etc\hosts.20220430-212806.backup
2022-04-29 13:15 - 2022-04-29 13:15 - 003769764 _____ C:\Users\Home-Pc\Desktop\4-29.pcapng
2022-04-28 20:36 - 2022-04-28 20:36 - 001849712 _____ C:\Users\Home-Pc\Desktop\4-28.pcapng
2022-04-28 01:04 - 2022-04-28 01:04 - 007889156 _____ C:\Users\Home-Pc\Documents\DESKTOP-8AQ2J5E.arn
2022-04-26 02:48 - 2022-04-26 02:48 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-04-26 02:47 - 2022-04-26 02:47 - 000011821 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-04-26 02:45 - 2022-04-26 02:45 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-04-26 02:45 - 2022-04-26 02:45 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-04-26 02:06 - 2022-04-26 02:06 - 000000000 ___HD C:\$WinREAgent
2022-04-25 01:14 - 2022-04-25 01:14 - 000000360 _____ C:\Users\Home-Pc\Desktop\4-25.txt
2022-04-23 05:41 - 2022-04-23 05:41 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-04-21 02:04 - 2022-04-21 02:04 - 000000796 _____ C:\Users\Home-Pc\Desktop\Manage Storage Spaces - Shortcut.lnk
2022-04-18 22:34 - 2022-04-18 22:34 - 001616921 _____ C:\Users\Home-Pc\Documents\HealthSummary_Apr_18_2022.zip
2022-04-18 19:20 - 2022-04-18 19:25 - 000000000 ___HD C:\ProgramData\CanonIJMIG
2022-04-18 19:20 - 2022-04-18 19:20 - 000000000 ____D C:\ProgramData\CanonIJPLM
2022-04-18 19:19 - 2022-04-18 19:20 - 000000000 ___HD C:\ProgramData\CanonIJScan
2022-04-18 19:18 - 2022-04-18 19:20 - 000000000 ____D C:\Users\Home-Pc\AppData\Roaming\Canon
2022-04-18 19:18 - 2022-04-18 19:18 - 000000000 ___HD C:\ProgramData\CanonIJQuickMenu
2022-04-18 19:08 - 2013-02-04 15:10 - 000321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BXL.dll
2022-04-18 19:08 - 2012-11-09 10:43 - 000088064 _____ C:\Windows\SysWOW64\CNC176DD.TBL
2022-04-18 19:08 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2022-04-18 19:07 - 2022-04-18 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series User Registration
2022-04-18 19:06 - 2022-04-18 19:07 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2022-04-18 19:06 - 2022-04-18 19:06 - 000002094 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2022-04-18 19:06 - 2022-04-18 19:06 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Canon Easy-WebPrint EX2
2022-04-18 19:06 - 2022-04-18 19:06 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Canon Easy-WebPrint EX
2022-04-18 19:01 - 2022-04-18 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2022-04-18 19:01 - 2022-04-18 19:06 - 000000000 ____D C:\Program Files\Canon
2022-04-18 19:00 - 2022-04-18 19:00 - 000002435 _____ C:\Users\Public\Desktop\Canon MG2500 series On-screen Manual.lnk
2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ___HD C:\ProgramData\CanonBJ
2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ___HD C:\Program Files\CanonBJ
2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series Manual
2022-04-18 19:00 - 2013-03-24 05:00 - 000391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBX.DLL
2022-04-18 19:00 - 2013-02-04 15:12 - 000367104 _____ (CANON INC.) C:\Windows\system32\CNC_BXL.dll
2022-04-18 19:00 - 2012-11-09 10:43 - 000088064 _____ C:\Windows\system32\CNC176DD.TBL
2022-04-18 19:00 - 2012-11-08 13:04 - 000282624 _____ (CANON INC.) C:\Windows\system32\CNC_BXC.dll
2022-04-18 19:00 - 2012-11-08 13:03 - 000106496 _____ (CANON INC.) C:\Windows\system32\CNC_BXI.dll
2022-04-18 19:00 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2022-04-18 18:56 - 2022-04-18 19:08 - 000000000 ____D C:\Program Files (x86)\Canon
2022-04-18 18:55 - 2022-04-18 18:55 - 049442352 _____ C:\Users\Home-Pc\Downloads\win-mg2500-1_1-ucd.exe
2022-04-18 18:28 - 2013-03-24 05:00 - 000393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBX.DLL
2022-04-18 12:57 - 2022-04-18 12:57 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2022-04-18 12:57 - 2022-04-18 12:57 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2022-04-18 12:57 - 2022-04-18 12:57 - 000000000 ____D C:\Program Files\Google
2022-04-16 20:49 - 2022-04-16 20:50 - 045712100 _____ C:\Users\Home-Pc\Downloads\1_xilns5nx.webm
2022-04-14 13:56 - 2022-04-14 13:56 - 000179913 _____ C:\Users\Home-Pc\Downloads\or-mt-access-designated-record-set.pdf
2022-04-12 18:11 - 2022-04-12 18:11 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Spoon
2022-04-12 17:52 - 2022-04-12 17:52 - 000000000 ____D C:\Users\Home-Pc\Desktop\HealthSummary_Apr_12_2022(1)
2022-04-12 17:47 - 2022-04-12 17:47 - 000619385 _____ C:\Users\Home-Pc\Documents\HealthSummary_Apr_12_2022(1).zip
2022-04-12 17:46 - 2022-04-12 17:46 - 000619385 _____ C:\Users\Home-Pc\Downloads\HealthSummary_Apr_12_2022.zip
2022-04-12 11:12 - 2022-04-12 11:12 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2022-04-12 11:12 - 2022-04-12 11:12 - 000001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2022-04-10 20:53 - 2022-04-10 20:53 - 008400790 _____ C:\Users\Home-Pc\Downloads\CL#21-0804.pdf
2022-04-06 09:30 - 2022-05-01 16:34 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2022-04-06 09:30 - 2022-04-06 20:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-04-06 09:30 - 2022-04-06 09:30 - 000003374 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2022-04-05 14:32 - 2022-04-12 18:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-05-01 18:12 - 2021-12-16 11:31 - 000000000 ____D C:\FRST
2022-05-01 18:11 - 2021-12-06 15:28 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Battle.net
2022-05-01 18:09 - 2021-12-05 21:40 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Mozilla
2022-05-01 17:42 - 2022-02-10 15:49 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-05-01 17:40 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-05-01 17:26 - 2022-02-03 22:11 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-01 16:57 - 2021-04-27 21:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-05-01 16:33 - 2021-12-06 15:27 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-05-01 16:26 - 2021-12-08 16:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-05-01 16:26 - 2021-04-27 21:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-01 16:26 - 2021-04-27 21:49 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-01 16:25 - 2019-12-07 03:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-05-01 16:24 - 2022-01-23 00:03 - 000000085 _____ C:\Windows\wininit.ini
2022-05-01 16:24 - 2021-12-08 16:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-05-01 15:39 - 2022-01-13 17:50 - 000015568 _____ C:\Windows\SysWOW64\bddel.dat
2022-05-01 14:05 - 2021-12-09 12:23 - 000095632 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2022-05-01 11:26 - 2021-04-27 14:56 - 000000000 ____D C:\Users\Home
2022-04-30 22:55 - 2021-11-24 13:49 - 000000000 ____D C:\Users\Home-Pc
2022-04-30 22:47 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2022-04-30 22:39 - 2021-04-27 14:56 - 000000000 ____D C:\Users\Home\AppData\Local\Packages
2022-04-30 22:34 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2022-04-30 22:26 - 2021-04-27 14:56 - 000002376 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-30 22:15 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-30 22:00 - 2022-03-14 09:17 - 000000000 ____D C:\Users\Home-Pc\Documents\Georgia
2022-04-30 21:58 - 2022-03-11 17:32 - 000000000 ____D C:\Users\Home-Pc\Desktop\moms stuff
2022-04-30 21:57 - 2022-03-02 10:49 - 000000000 ____D C:\Users\Home-Pc\Desktop\Useful command lines
2022-04-30 12:15 - 2022-03-14 09:19 - 000000000 ____D C:\Users\Home-Pc\Documents\Physics Forums
2022-04-30 11:39 - 2021-04-27 16:04 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-30 11:39 - 2021-04-27 16:04 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-29 00:29 - 2022-01-21 11:28 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2022-04-28 21:30 - 2021-11-29 13:09 - 000000000 ____D C:\ProgramData\Norton
2022-04-28 19:04 - 2019-12-07 03:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-04-28 17:36 - 2022-02-03 12:35 - 000000000 ____D C:\Program Files\Norton Utilities
2022-04-28 11:12 - 2022-02-03 12:36 - 000001921 _____ C:\Users\Home-Pc\Desktop\Norton Utilities.lnk
2022-04-28 11:05 - 2021-04-27 16:04 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-28 11:05 - 2021-04-27 16:04 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-27 18:24 - 2021-12-12 21:19 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2199619703-1585671556-87930541-1003
2022-04-27 18:24 - 2021-11-24 13:53 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199619703-1585671556-87930541-1003
2022-04-27 18:24 - 2021-11-24 13:49 - 000002385 _____ C:\Users\Home-Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-26 03:20 - 2021-04-27 14:57 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-04-26 03:11 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2022-04-26 03:09 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2022-04-25 02:31 - 2022-03-14 10:28 - 000000000 ____D C:\Users\Home-Pc\Documents\Moms Meme's
2022-04-23 05:41 - 2021-11-24 13:57 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-04-21 19:26 - 2021-12-06 15:38 - 000000000 ____D C:\Program Files (x86)\Diablo III
2022-04-20 02:01 - 2021-12-08 18:04 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\CrashDumps
2022-04-19 17:20 - 2022-02-03 22:14 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{73DEBFF9-E818-4D7F-957E-197C11ED0D05}
2022-04-19 17:20 - 2022-02-03 22:14 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{4DBD1454-0D91-4B18-B7AA-629538FA5AA6}
2022-04-18 19:10 - 2021-11-24 13:53 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\PlaceholderTileLogoFolder
2022-04-18 19:10 - 2021-11-24 13:50 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Packages
2022-04-18 19:08 - 2019-12-07 03:14 - 000000000 __RSD C:\Windows\Media
2022-04-18 18:44 - 2021-12-17 19:25 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\ElevatedDiagnostics
2022-04-12 18:50 - 2021-04-27 21:49 - 000451392 _____ C:\Windows\system32\FNTCACHE.DAT
2022-04-12 18:49 - 2021-12-05 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-12 16:43 - 2021-04-27 14:59 - 000000000 ____D C:\Windows\system32\MRT
2022-04-12 16:41 - 2021-04-27 14:59 - 143823848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-04-12 11:13 - 2021-12-09 22:19 - 000000000 ____D C:\Program Files\Wireshark
2022-04-12 09:22 - 2021-12-05 21:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-12 09:22 - 2021-12-05 21:40 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-04-06 20:35 - 2022-02-04 15:20 - 000002409 _____ C:\Users\Public\Desktop\Norton Security.lnk
2022-04-06 15:06 - 2021-12-05 20:21 - 000000000 ____D C:\Program Files\Common Files\AV
2022-04-06 09:30 - 2022-02-04 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2022-04-04 21:35 - 2021-04-27 15:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
==================== Files in the root of some directories ========
2022-01-23 00:04 - 2022-01-23 00:04 - 000000063 _____ () C:\Users\Home-Pc\AppData\Roaming\Safer-Networking.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by Home-Pc (01-05-2022 18:14:41)
Running from C:\Users\Home-Pc\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1682 (X64) (2021-11-24 16:57:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2199619703-1585671556-87930541-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2199619703-1585671556-87930541-503 - Limited - Disabled)
Guest (S-1-5-21-2199619703-1585671556-87930541-501 - Limited - Disabled)
Home (S-1-5-21-2199619703-1585671556-87930541-1001 - Administrator - Enabled) => C:\Users\Home
Home-Pc (S-1-5-21-2199619703-1585671556-87930541-1003 - Administrator - Enabled) => C:\Users\Home-Pc
WDAGUtilityAccount (S-1-5-21-2199619703-1585671556-87930541-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Google Earth Pro (HKLM\...\{C36E66A6-6EE5-47DB-945F-A6F03225D540}) (Version: 7.3.4.8573 - Google)
inSSIDer (HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\inSSIDer) (Version: 5.5.0 - MetaGeek, LLC)
IrfanView 4.59 (64-bit) (HKLM\...\IrfanView64) (Version: 4.59 - Irfan Skiljan)
Ksanka-Punctuation Keys (HKLM\...\{7218FCE2-2B46-4CB5-ADE6-6B215388C930}) (Version: 1.0.3.40 - Languagegeek.com)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2199619703-1585671556-87930541-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\OneDriveSetup.exe) (Version: 22.077.0410.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.3.9 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.5.428 - NortonLifeLock Inc)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.55 - Nmap Project)
Sandboxie 5.53.3 (64-bit) (HKLM\...\Sandboxie) (Version: 5.53.3 - sandboxie-plus.com)
TreeSize Free V4.5.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.5.3 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wireshark 3.6.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-04-18] (Canon Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.27.1.0_x64__6rarf9sa4v8jt [2022-04-19] (Disney)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-24] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0 [2022-04-28] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [FileShredder] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Norton Utilities\x64\FileShredder.dll [2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers4: [FileShredder] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Norton Utilities\x64\FileShredder.dll [2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-04-21 19:24 - 2022-04-21 19:25 - 104871424 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libcef.dll
2022-04-21 19:25 - 2022-04-21 19:25 - 000112128 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libegl.dll
2022-04-21 19:25 - 2022-04-21 19:25 - 006227456 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libglesv2.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000810496 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\chrome_elf.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\audio\qtaudio_windows.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qgif.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qico.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qjpeg.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qmng.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qsvg.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qtiff.dll
2022-04-21 19:25 - 2022-04-21 19:25 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\platforms\qwindows.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Core.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Gui.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Multimedia.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Network.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Qml.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Quick.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Svg.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Widgets.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5WinExtras.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2199619703-1585671556-87930541-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7942 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 03:14 - 2022-05-01 13:27 - 000455527 ____R C:\Windows\system32\drivers\etc\hosts
There are 15631 more lines.
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2199619703-1585671556-87930541-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5F1095F8-C6D5-436A-970D-70FA42C1DB36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F0AAE6D-2E60-43BC-AA99-C093D33A7159}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FA23D43E-F872-42B6-BBA6-70FEF45C2966}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7879EC4A-840A-43F9-8C18-FA79663ED3A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13173DB8-E639-451C-9191-2C44925C1D46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8508CFC0-7B99-445E-85DC-025F488CAF48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4BA05DF9-A168-4249-94AF-4F0F9A62E881}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{305C3059-F2BE-4B67-8AAB-0B098AB50530}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1E0C5A5-309A-4A0B-B2EF-8FBD2E6342CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{49F160EA-1B77-4F09-B0E1-677AB8B29D51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BCC8D1AC-454C-417A-A73A-761451E4A93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C3B6544-6C58-4DB6-8E29-244429881B9A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C5953C42-DB4D-469C-A03F-97E6033D7BD5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{17E13EF3-999E-4179-9A71-CD0CDA384C21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
12-04-2022 17:18:02 Windows Modules Installer
20-04-2022 21:57:13 Scheduled Checkpoint
26-04-2022 02:01:21 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (05/01/2022 02:12:30 PM) (Source: Spybot Auto Update) (EventID: 0) (User: )
Description: Event-ID 0
Error: (04/30/2022 11:16:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878
Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878
Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878
Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878
Error: (04/30/2022 11:16:43 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878
Error: (04/30/2022 11:16:29 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878
Error: (04/30/2022 09:21:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
System errors:
=============
Error: (05/01/2022 05:36:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
Error: (05/01/2022 05:23:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
Error: (05/01/2022 01:56:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/01/2022 01:56:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
Error: (05/01/2022 01:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/01/2022 01:32:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
Error: (05/01/2022 01:23:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/01/2022 01:23:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
Windows Defender:
================
Date: 2021-11-29 11:12:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-29 10:46:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-29 10:15:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-27 16:25:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-05-01 16:29:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Microsoft signing level requirements.
Date: 2022-05-01 16:28:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A05 05/28/2011
Motherboard: Dell Inc. 0HY9JP
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 56%
Total physical RAM: 3976.93 MB
Available physical RAM: 1729.48 MB
Total Virtual: 7120.32 MB
Available Virtual: 4172.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.34 GB) (Free:88.45 GB) NTFS
\\?\Volume{35d99af4-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{35d99af4-0000-0000-0000-00193a000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 35D99AF4)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=505 MB) - (Type=27)
==================== End of Addition.txt =======================